List: lists-bincimap
Subject: Re: [bincimap] cipher list argument
From: Andreas Aardal Hanssen <bincimap () andreas ! hanssen ! name>
Date: 2003-04-22 23:16:21
On Tue, 22 Apr 2003, Bryan Christ wrote:
> Andreas,
> In your documentation, the "ca file" parameter is = "". I currently have
> it pointing to /etc/openssl/cacert.pem where "cacert.pem" is the root CA
> certificate I created for myself. Is that correct?
The CA file is supposed to be a list of certificate authorities, such as
the bundled ca-bundle.crt that comes with Red Hat. This is from what I
understand used to verify the client certificate (when verify peer = yes).

Your cacert.pem file may be a pem encoded CA file, and if it is, then that
should work. By default, the CA file is set to "" simply because verify
peer by default is also "no".

Usually, the server will have verify peer = no. This means that during the
initial SSL/TLS handshake, only the server's certificate is validated by
the client. In that case, all the server needs is a PEM encoded
certificate file (as generated by make server.pem in /usr/share/ssl/certs
when using Red Hat).

Hope this helps,

Andy :-)
> ---------- Original Message ----------------------------------
> From: Andreas Aardal Hanssen <bincimap@andreas.hanssen.name>
> Reply-To: Binc IMAP <lists-bincimap@infeline.org>
> Date: Mon, 21 Apr 2003 19:38:18 +0200 (CEST)
>
> > On Wed, 16 Apr 2003, Bryan Christ wrote:
> > > Here is a detailed output from openssl with the -state and -debug args
> > > It is also clear from my maillog created by postfix that my pem key is useable:
> >
> > I suspect that if you post this data to the OpenSSL mailing list, that
> > they will be of much greater help. The cipher list argument is passed as
> > is to the OpenSSL handler, so if it fails it's sort of out of my league.
> >
> > The address is openssl-users@openssl.org.
> >
> > I'm sure the OpenSSL guys can tell you what's wrong. :-)
> >
> > Andy
> >
> > --
> > Andreas Aardal Hanssen | http://www.andreas.hanssen.name/gpg
> > Author of Binc IMAP | Nil desperandum
> >
> >
> >
>
--
Andreas Aardal Hanssen | http://www.andreas.hanssen.name/gpg
Author of Binc IMAP | Nil desperandum
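
The relationship between "verify peer" and "ca file" described in the reply above, as an added example that is not part of the original message and is not Binc IMAP code. It assumes "verify peer = yes" corresponds to requiring a client certificate in OpenSSL; build_server_context, check and demo are hypothetical names, and the bad PEM file is constructed.

```python
import os
import ssl
import tempfile


def build_server_context(verify_peer, ca_file, cert_file=None):
    """Map the two settings onto an OpenSSL server context (hypothetical helper)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    if cert_file:
        # The server's own PEM certificate and key, e.g. a server.pem file.
        ctx.load_cert_chain(cert_file)
    if not verify_peer:
        # Only the client validates the server; no CA list is needed here.
        ctx.verify_mode = ssl.CERT_NONE
        return ctx
    if not ca_file:
        raise ValueError('verify peer = yes needs a non-empty "ca file"')
    try:
        ctx.load_verify_locations(cafile=ca_file)
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        raise ValueError(f"{ca_file}: not a readable PEM CA file ({exc})") from exc
    # x509_ca counts loaded certificates that OpenSSL accepts as CAs.
    if ctx.cert_store_stats()["x509_ca"] == 0:
        raise ValueError(f"{ca_file}: PEM loaded but holds no CA certificate")
    # Assumption: verify peer = yes means the client must present a certificate.
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def check(verify_peer, ca_file):
    """Return a one-line verdict for a settings combination."""
    try:
        return "ok: " + build_server_context(verify_peer, ca_file).verify_mode.name
    except ValueError as exc:
        return "error: " + str(exc)


def demo():
    # Constructed sample: a file that is not PEM at all.
    with tempfile.NamedTemporaryFile("w", suffix=".pem", delete=False) as fh:
        fh.write("this is not a certificate\n")
        bad = fh.name
    try:
        return [check(False, ""), check(True, ""), check(True, bad)]
    finally:
        os.unlink(bad)


if __name__ == "__main__":
    print("\n".join(demo()))
```

Calling check(True, "/etc/openssl/cacert.pem") on the host in question reports whether OpenSSL accepts that file as a CA list.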